<?php
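/**
 * Session-bound CSRF token helper.
 *
 * The token is stored under the 'csrf_token' key of the session object that
 * is registered as 'session' in Yaf_Registry. All methods are static and act
 * on that one session object.
 */
class CSRF{
    /**
     * Return the CSRF token for the current session, creating it on first use.
     *
     * @return string 32 hexadecimal characters (16 random bytes)
     * @throws RuntimeException when no cryptographically strong random source is available
     */
    public static function getCSRF(){
        $_session = Yaf_Registry::get('session');
        $token = $_session->get('csrf_token');
        // Treat a missing, empty or non-string value as "no token": an empty
        // token must never be handed out, because an empty submitted value
        // would then match it.
        if (!is_string($token) || $token === '') {
            $token = self::generateToken();
            $_session->set('csrf_token', $token);
        }
        return $token;
    }

    /**
     * Check a submitted token against the one stored in the session.
     *
     * @param mixed $csrf value received from the request (untrusted)
     * @return bool true only when a non-empty token is stored and $csrf is an identical string
     */
    public static function checkCSRF($csrf){
        $_session = Yaf_Registry::get('session');
        $token = $_session->get('csrf_token');
        // Fail closed when the session holds no usable token.
        if (!is_string($token) || $token === '') {
            return false;
        }
        // Request parameters can arrive as arrays (e.g. csrf[]=x); reject
        // anything that is not a string instead of passing it to the comparison.
        if (!is_string($csrf)) {
            return false;
        }
        // hash_equals() compares in constant time, so response timing does not
        // reveal how many leading characters of a guess were correct.
        return hash_equals($token, $csrf);
    }

    /**
     * Remove the CSRF token from the session.
     *
     * @return bool always true
     */
    public static function unsetCSRF(){
        $_session = Yaf_Registry::get('session');
        $_session->del('csrf_token');
        return true;
    }

    /**
     * Produce a fresh random token as 32 hexadecimal characters.
     *
     * @return string
     * @throws RuntimeException when OpenSSL cannot supply strong random bytes
     */
    private static function generateToken(){
        // Prefer the CSPRNG built into PHP 7+; it throws on failure instead of
        // returning a weak or empty result.
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        // On older PHP versions this call can return false or report a weak
        // source; bin2hex(false) would yield an empty token, so refuse instead.
        if ($bytes === false || $strong !== true || strlen($bytes) !== 16) {
            throw new RuntimeException('Unable to generate a CSRF token: no strong random source available');
        }
        return bin2hex($bytes);
    }
}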
